Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2022-28766
CVE-2022-28766:
Zoom Client vulnerability analysis and mitigation
Overview
Windows 32-bit versions of the Zoom Client for Meetings before 5.12.6 and Zoom Rooms for Conference Room before version 5.12.6 are susceptible to a DLL injection vulnerability. The vulnerability was disclosed and published on November 17, 2022 (NVD).
Technical details
The vulnerability is classified as a DLL injection vulnerability with a CVSS v3.1 score of 7.3 HIGH. This security flaw allows a local low-privileged user to potentially execute arbitrary code in the context of the Zoom client (NVD, CVE).
Impact
If successfully exploited, this vulnerability enables a local low-privileged user to run arbitrary code in the context of the Zoom client, potentially compromising the security and integrity of the affected system (NVD).
Mitigation and workarounds
The vulnerability has been fixed in Zoom version 5.12.6. Users are advised to update their Zoom Client for Meetings and Zoom Rooms for Conference Room installations to version 5.12.6 or later to address this security issue (ManageEngine).
Additional resources
Source: This report was generated using AI
Related Zoom Client vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management